Under Armour, Inc. (UA) is known for its sports-related clothing. For a number of years, it has been offering customers apps such as MyFitnessPal and MapMyFitness that allow them to track the food they eat and their fitness-related actions. Unfortunately, the apps have suffered one of the largest data breaches to date that has exposed the personally identifying information (PII) of an estimated 150 people.
The Nationwide Class for this action is all persons living in the US who PII was disclosed in the Under Armour data breach of 2017-2018. There is also a California Class: All persons living in California whose PII was disclosed in the UnderArmour data breach of 2017-2018.
Originally, consumer could simply enter basic information like an e-mail address to use the apps. Sometime around 2013, UA began offering subscriptions, including paid subscriptions that allowed consumers to obtain priority customer support and avoid advertising. To facilitate payments, it began to store credit and debit card numbers.
The data breach was not discovered until March 25, 2018. However, it is believed that the breach happened around February 2018. Little information has been disclosed about the breach.
The numerous difficulties imposed on consumers by company data breaches have become well-known. Consumers are required to put out freezes and alerts, and to search for instances of illegal use of their information that have already taken place. Hackers and their customers have used PII to open credit card accounts, obtain medical services, file fake taxes to obtain refunds, and steal money from bank accounts. Since information may not be sold or used for years, consumers are stuck with endless monitoring, never knowing where the next assault on their finances and good name will come from.
According to the complaint, annual losses from identity theft are in the billions of dollars.
The complaint asserts that UA’s offenses include breaches of contract, negligence, and violations of California laws, including unlawful, unfair, fraudulent, or deceptive business practices. It adds to these constitutional invasion of privacy and breaches of the covenant of duty of good faith and fair dealing, among other things.
It asks the court, among other things, for proper information about the breach, for restitution and disgorgement of revenues wrongfully charged while it was not taking adequate care of the information it obtained, and for actual and compensatory damages.